Government warns of escalating attacks linked to Moscow
Sweden is bracing for a surge in hostile cyber activity as the country approaches its 2026 general elections, with Civil Defence Minister Carl-Oskar Bohlin confirming a steady rise in attacks targeting national institutions. He said the government has instructed the national cybersecurity agency to strengthen defensive measures in view of mounting threats, noting that most hacking attempts and disinformation efforts against Sweden originate from Russia. These concerns were underscored in coverage of Sweden’s preparations for election-related cyberattacks.
The elections on 13 September 2026 will determine the 349 members of the Riksdag, who will then choose the next prime minister, alongside simultaneous regional and municipal votes. Officials expect the scale of the campaign to generate new vulnerabilities, warning that widespread attempts to target official websites and national IT infrastructure have already become routine. The cybersecurity agency has been tasked with assessing national exposure, proposing mitigation tools and planning large-scale cyber exercises, with preliminary findings due to the Ministry of Civil Defence by March 2026.
Western democracies face a broader pattern of election interference
Over recent years, cyberattacks and disinformation operations during election cycles have become a persistent feature across Western states, with experts attributing many of these intrusions to Russia. Romania annulled the results of its December 2024 presidential vote after verified Russian interference in media and social platforms, while Moldova sought EU assistance ahead of its September 2025 elections amid repeated cyberattacks blamed on Moscow.
The coordinated pressure extends beyond information manipulation. The UK, the US and Australia recently imposed joint sanctions on Russian hosting providers Media Land LLC and ML.Cloud LLC for enabling bulletproof hosting and facilitating cybercrime. They also sanctioned AEZA Group for supporting operations of the Russian “Social Design Agency,” which conducts pro-Kremlin propaganda and information-psychological campaigns targeting Western democracies. A similar round of sanctions in February 2025 was directed at a Russian hosting company and individuals linked to the LockBit ransomware network, following earlier actions in October 2024 against entities associated with the cybercriminal group Evil Corp.
Escalating hybrid pressure across Europe
Intensifying hybrid activity has also been documented beyond the cyber domain. Polish Prime Minister Donald Tusk said on 21 November 2025 that Russia-inspired sabotage aims to destabilize and weaken Poland, describing recent disruptions to the national railway network as evidence of “state terrorism.” He added that operations orchestrated by Russian intelligence had crossed a critical threshold, prompting Warsaw to launch Operation Horizon—a nationwide effort to protect critical infrastructure using up to 10,000 personnel from the army, territorial defence forces, special operations units, police and railway protection services. The decision was accompanied by the closure of Russia’s last functioning consulate in Gdańsk.
Across the EU and allied countries, authorities report a notable rise in information-psychological operations, cyber intrusions and hybrid attacks linked to Moscow. Law-enforcement agencies warn that Russia is steadily expanding its toolkit, merging traditional espionage with technological disruption and sabotage, creating a multifaceted threat environment that European governments are now racing to counter.
